@@ -417,6 +417,40 @@ func TestAccComputeInstanceFromMachineImage_VSSWindows(t *testing.T) {
417417}
418418{{- end }}
419419
420+ func TestAccComputeInstanceFromMachineImage_workloadIdentity(t *testing.T ) {
421+ t.Parallel ()
422+
423+ var instance map[string]interface{}
424+ instanceName := fmt.Sprintf (" tf-test-%s " , acctest.RandString (t, 10))
425+ generatedInstanceName := fmt.Sprintf (" tf-test-generated-%s " , acctest.RandString (t, 10))
426+ randomSuffix := acctest.RandString (t, 10)
427+ resourceName := " google_compute_instance_from_machine_image.foobar"
428+
429+ context := map[string]interface{}{
430+ " instance_name" : instanceName,
431+ " generated_instance_name" : generatedInstanceName,
432+ " random_suffix" : randomSuffix,
433+ " identity_id" : " tf-test-id-1-" + randomSuffix,
434+ " identity_certificate_enabled" : true,
435+ }
436+
437+ acctest.VcrTest (t, resource.TestCase {
438+ PreCheck: func() { acctest.AccTestPreCheck (t) },
439+ ProtoV5ProviderFactories: acctest.ProtoV5ProviderFactories (t),
440+ CheckDestroy: testAccCheckComputeInstanceFromMachineImageDestroyProducer(t),
441+ Steps: []resource.TestStep {
442+ {
443+ Config: testAccComputeInstanceFromMachineImage_workloadIdentity(context),
444+ Check: resource.ComposeTestCheckFunc (
445+ testAccCheckComputeInstanceExists(t, resourceName, &instance),
446+ resource.TestCheckResourceAttr (resourceName, " workload_identity_config.0.identity" , fmt.Sprintf (" ns/tf-test-ns-%s /sa/tf-test-id-1-%s " , randomSuffix, randomSuffix)),
447+ resource.TestCheckResourceAttr (resourceName, " workload_identity_config.0.identity_certificate_enabled" , " true" ),
448+ ),
449+ },
450+ },
451+ })
452+ }
453+
420454func testAccCheckComputeInstanceFromMachineImageDestroyProducer(t *testing.T ) func(s *terraform.State ) error {
421455 return func(s *terraform.State ) error {
422456 config := acctest.GoogleProviderConfig (t)
@@ -1490,6 +1524,68 @@ resource "google_compute_instance_from_machine_image" "foobar" {
14901524` , context)
14911525}
14921526
1527+ func testAccComputeInstanceFromMachineImage_workloadIdentity(context map[string]interface{}) string {
1528+ return acctest.Nprintf (`
1529+ data "google_compute_image" "my_image" {
1530+ family = "debian-11"
1531+ project = "debian-cloud"
1532+ }
1533+
1534+ resource "google_iam_workload_identity_pool" "pool" {
1535+ workload_identity_pool_id = "tf-test-pool-%{random_suffix}"
1536+ mode = "TRUST_DOMAIN"
1537+ }
1538+
1539+ resource "google_iam_workload_identity_pool_namespace" "ns" {
1540+ workload_identity_pool_id = google_iam_workload_identity_pool.pool.workload_identity_pool_id
1541+ workload_identity_pool_namespace_id = "tf-test-ns-%{random_suffix}"
1542+ }
1543+
1544+ resource "google_iam_workload_identity_pool_managed_identity" "id" {
1545+ workload_identity_pool_id = google_iam_workload_identity_pool_namespace.ns.workload_identity_pool_id
1546+ workload_identity_pool_namespace_id = google_iam_workload_identity_pool_namespace.ns.workload_identity_pool_namespace_id
1547+ workload_identity_pool_managed_identity_id = "%{identity_id}"
1548+ }
1549+
1550+ resource "google_compute_instance" "vm" {
1551+ name = "%{instance_name}-source"
1552+ machine_type = "e2-medium"
1553+ zone = "us-central1-a"
1554+
1555+ boot_disk {
1556+ initialize_params {
1557+ image = data.google_compute_image.my_image.self_link
1558+ }
1559+ }
1560+
1561+ network_interface {
1562+ network = "default"
1563+ }
1564+
1565+ workload_identity_config {
1566+ identity = "ns/tf-test-ns-%{random_suffix}/sa/%{identity_id}"
1567+ identity_certificate_enabled = %{identity_certificate_enabled}
1568+ }
1569+ }
1570+
1571+ resource "google_compute_machine_image" "foobar" {
1572+ name = "image-%{random_suffix}"
1573+ source_instance = google_compute_instance.vm.self_link
1574+ }
1575+
1576+ resource "google_compute_instance_from_machine_image" "foobar" {
1577+ name = "%{generated_instance_name}"
1578+ zone = "us-central1-a"
1579+ source_machine_image = google_compute_machine_image.foobar.self_link
1580+
1581+ workload_identity_config {
1582+ identity = "ns/tf-test-ns-%{random_suffix}/sa/%{identity_id}"
1583+ identity_certificate_enabled = %{identity_certificate_enabled}
1584+ }
1585+ }
1586+ ` , context)
1587+ }
1588+
14931589{{ if ne $ .TargetVersionName ` ga` -}}
14941590func testAccComputeInstanceFromMachineImage_VSSWindows(context map[string]interface{}) string {
14951591 return acctest.Nprintf (`
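Review bot: In the new `testAccComputeInstanceFromMachineImage_workloadIdentity` config, both `workload_identity_config` blocks build `identity` from the literal `"ns/tf-test-ns-%{random_suffix}/sa/%{identity_id}"` rather than from a reference to the managed-identity resource, so Terraform sees no dependency between `google_compute_instance.vm` and the pool, namespace and managed identity. The VM may therefore be created before the identity exists, and the identity destroyed while the VM still references it. If the API validates the identity when it is attached (not visible from this diff), the test becomes order-dependent. Adding `depends_on = [google_iam_workload_identity_pool_managed_identity.id]` to `google_compute_instance.vm` would pin the order, and the generated instance already follows it through the machine image. Separately, the generated instance sets the same block explicitly, so the two `TestCheckResourceAttr` assertions pass whether or not the identity is carried over from the machine image; a variant that omits the block would show which identity and certificate setting an image-derived VM actually receives.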